Operations Guides

Appliance Operational Procedures

Home



Overview

This guide covers common operational questions and procedures for Eyeglass and ECA clusters.


Eyeglass Common Procedures

  1. Shutting down the appliance 

    1. Login as admin using ssh
    2. sudo -s (enter admin password)
    3. systemctl stop sca
    4. shutdown
  1. Reboot the appliance

    1. NOTE: This should not be used as a trouble shooting step. This is not required for any operational steps. If a reboot is required for an operating system patch follow these steps. For all other cases open a case with support and do not reboot the appliance unless directed by support
    2. login as admin
    3. sudo -s (enter admin password)
    4. systemctl stop sca
    5. reboot
  2. IP address change

    1. login as admin
    2. sudo -s (enter admin password)
    3. yast
    4. use arrow keys to select networking and edit interface ip settings, including, DNS and default gateway
  3. vmotion to new ESX host

    1. Eyeglass can be moved between hosts without shutdown

    2. PowerScale code upgrade see guide

  4. Password Change

    1. Login as the admin user over ssh (also applies to other builtin user accounts for other products, rwdefend, auditor)
    2. type the command below: 
      1. passwd

    3. Enter new password, retype new password
    4. done

ECA cluster Common Operations (Ransomware Defender, Easy Auditor, Performance Auditor, Search & Recover and Golden Copy)

All of the above products share common operating procedures.

  1. For additional scenarios on ECA based product admin guide see the guide.
  2. Health Monitor - Audit Data Ingestion and Audit Data Save to Database 

    1. NOTE: These graphs should be checked every time you have errors or issues with Ransomware Defender, Easy Auditor or Performance Auditor. Each product depends on audit data ingestion. The graph should never be a flat line for received or sent audit records. 
      1. The most common cause is network issues between the ECA VM' s and the cluster.
    1. Login to Eyeglass GUI (Requires 2.5.8 or later) 
    2. Click the Managed Services Icon
    3. Click the ECA monitor button.  This will launch a new browser tab to display received audit data per ECA node rate of events per minute per node and sent audit data per ECA node to the Isilon / Powerscale HDFS database.  The graphs should never be flat lines for any extended period of time.  The graph shows events per minute per ECA node.
    4.  
    5. Turbo Audit received is audit data ingestion
    6. evtarchive sent is audit data saving to HDFS (Easy Auditor Only) 
  3. Restart the cluster

    1. login to node 1 as ecaadmin over ssh
    2. ecactl cluster down
    3. then
    4. ecactl cluster up
    5. NOTE: can take 5-7 minutes to startup and shutdown all nodes in the cluster
  4. Reboot a single node 

    1. login to the node over ssh as ecaadmin
    2. sudo -s (enter admin password)
    3. reboot
    4. Now login to node 1 as ecaadmin
    5. ecactl cluster up (this will ensure all services are started on all nodes, even if the cluster is already running)
  5. ECA cluster ip address change

    1. Review the eca admin guide
  6. ECA password change 

    1. Login as the ecaadmin user over ssh
    2. type the command below:
    3. passwd
    4. Enter new password, retype new password
    5. done
  7. ECA cluster shutdown

    1. Use this procedure to stop the cluster software
    2. login to eca node 1 as ecaadmin
    3. type
      1. ecactl cluster down
  8. Power Loss to VM or Recovery from a Reboot without graceful shutdown

    1. login to node 1 as ecaadmin over ssh
    2. ecactl cluster down
    3. then
    4. ecactl cluster up












© Superna LLC